Aberdeen City Council IT Governance

Size: px
Start display at page:

Download "Aberdeen City Council IT Governance"

Transcription

1 Aberdeen City Council IT Governance Internal Audit Report 2013/2014 for Aberdeen City Council May 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary where applicable Terms or reference agreed 4 weeks prior Green to fieldwork Planned fieldwork start date Green Fieldwork completion date Red Sickness absence of internal auditor performing fieldwork. Draft report issued for Management comment Green Management Comments received Green Report finalised Green Submitted to Audit and Risk Committee Green

2 Contents Section Page 1. Executive Summary 3 2. Background and scope 5 3. Detailed findings and recommendations 6 Appendix 1 Basis of our classifications 8 Appendix 2 Terms of reference 12 Appendix 3 - Limitations and responsibilities 14 This report has been prepared solely for Aberdeen City Council in accordance with the terms and conditions set out in our engagement letter 4 October We do not accept or assume any liability or duty of care for any other purpose or to any other party. This report should not be disclosed to any third party, quoted or referred to without our prior written consent. Internal audit work will be performed in accordance with Public Sector Internal Audit Standards. As a result, our work and deliverables are not designed or intended to comply with the International Auditing and Assurance Standards Board (IAASB), International Framework for Assurance Engagements (IFAE) and International Standard on Assurance Engagements (ISAE) Internal Audit report for Aberdeen City Council PwC Contents

3 1. Executive Summary Report classification Total number of findings Section 3 Critical High Medium Low Advisory Medium Risk Control design Operating effectiveness Total Responsible Director: Director of Corporate Governance Project Sponsor: Head of Customer Service and Performance Summary of findings 1.01 The Council s current ICT Business Strategy covers the period from During that period, the Council has completed a series of major organisational changes, including senior management restructuring, the introduction of Priority Based Budgeting, and a change in political administration amongst others. There have also been significant developments at a national level, including the production of a Scottish Local Government IT Strategy, changes to the PSN regime, the introduction of the Scottish Wide Area Network, and more recently the production of the Scottish Government Data Centre and Cloud strategies Through our review of IT Governance we have looked at the Council s current ICT Business Strategy and the proposed Enterprise Architecture governance framework that is being implemented. Based on our review we have made two medium classification findings regarding the current IT governance structures in place and recommendations for how the Council can improve its IT governance based on these findings The Head of Customer Service and Performance proposed the adoption of The Open Group Architecture Framework (TOGAF) as an Enterprise Architecture governance methodology that works closely with the business to an agreed set of principles in order to align technology to business needs. The framework was developed through a series of workshops involving ICT and business representatives. This was approved by the Corporate Management Team (CMT) in 28 June However, the current ICT Business Strategy does not include the implementation of an Enterprise Architecture governance framework as a strategic objective. The implementation of an Enterprise Architecture governance framework should be a strategic objective to ensure transparency and engagement across the organisation. 3

4 1.04 The Council currently has an Enterprise Architecture governance board that meets monthly. Requests for ICT work, including both operationally and architecturally significant work, are scrutinised and prioritised by the board, which is attended by senior business managers from across each of the Council directorates and chaired by the Head of Customer Service and Performance. However, the board does not have an approved defined role within the organisation. The role and authority of the governance board should be approved by the Corporate Management Team. Management comments The ICT Business Strategy referred to within the audit is still current, and through developing our Enterprise Architecture, we are carrying out preparatory work for the revised strategy by analysing the organisation's business plans and strategies, aligning the current ICT strategy and projects to business need, and sensechecking our alignment to emerging national strategies and developments including Scottish government data centre and cloud strategies, Local Government ICT strategy and the impact of PSN developments on our virtual environments and Bring Your Own Device (BYOD). There has been a continuing strategic oversight over emerging developments during the period of the current strategy which will be reflected in the revised document. All of this links to the development of roadmaps that will allow us to understand the relationships and lifecycles across our various business, application, technology and project portfolios and therefore allow for better governance of the EA landscape formed by the individual elements of these portfolios. Finally, we welcome the recognition of the good practice being implemented and have agreed the actions recommended in the report. 4

5 2. Background and scope Background 2.01 ICT has been engaged in a project to develop an Enterprise Architecture governance framework for Aberdeen City Council. This project has involved engagement with stakeholders across the business to tailor the framework to the specific requirements of the Council. From discussions with the key persons involved it was explained that the Council is one of only a few public authorities in the United Kingdom engaged in such a project. ICT Strategy 2.02 An ICT Business Strategy has been developed for the period covering This strategy was approved by the Continuous Improvement Committee in February 2009 and a revised version was approved the Corporate Policy and Performance Committee in March A high-level review of the strategy indicates that it was developed based on Central and Scottish Government initiatives and with reference to the Council s business strategy at the time. However, as identified in finding 3.01, the strategy does not refer to the ongoing project to develop an Enterprise Architecture governance framework and implement this across the Council. Enterprise Architecture Governance Framework 2.03 ICT, in conjunction with stakeholders across each directorate, has been developing an Enterprise Architecture governance framework for implementation at Aberdeen City Council. The framework process has involved engaging with the Sopra Group, an external IT consultancy, to help develop a framework for the Council that conforms to good practice Enterprise Architecture principles based on TOGAF An Enterprise Architecture governance board has been assembled, with representatives from both ICT and Heads of Service from each of the Council s directorates, to lead the project and help develop a governance framework tailored to the specific needs of the Council. As identified in finding 3.02 however, the board does not currently have an approved defined authority giving it the power to ensure that Enterprise Architecture governance is implemented and enforced across the organisation. Scope and limitations of scope 2.05 The detailed scope of this review is set out in Appendix 2 in the Terms of Reference. We have undertaken a review of the design and operating effectiveness of the Council s controls for IT Governance in the areas contained within this Terms of Reference. Our work was undertaken using a sample based approach with our review focused on the ICT Strategy and Enterprise Architecture Framework. 5

6 3. Detailed findings and recommendations 3.01 Develop a comprehensive ICT strategy Control design deficiency Finding Aberdeen City Council has an ICT Business Strategy for that was approved in February 2009 by the Continuous Improvement Committee, and was subsequently revised and updated with the approval of the Corporate Policy and Performance Committee in March Our high-level review of the strategy identified that it had been developed with reference to Central and Scottish Government ICT initiatives and with reference to the overall business strategy for the Council. However, we noted that it does not reflect the current work that is ongoing to develop an Enterprise Architecture ( EA ) governance framework for the Council and embed EA governance good practice within the organisation. The Corporate Management Team (CMT) approved a project to adopt The Open Group Architecture Framework (TOGAF) as an Enterprise Architecture governance methodology. Work commenced with Sopra to help develop the framework and a number of relevant IT staff have been formally trained in TOGAF and are currently working to take forward the draft work that Sopra developed and formalise it to fit the Council s business model. A formal project has been initiated to take the framework to a Level 3 Maturity within a period of 12 months from commencement. Given the current projects ongoing to develop an EA governance framework, we consider not having this set as a strategic objective to represent a weakness in the current strategy. Research indicates that one of the key factors in successfully implementing Enterprise Architecture into an organisation is having the full support of senior executive management. Including the implementation of an EA governance framework within the ICT strategy, and indeed within the wider Council business strategy, will ensure that senior executive management is committed to the project and that there is transparency across the organisation. The current ICT strategy is due to be renewed in 2015; this presents a significant opportunity for the Council to develop a comprehensive ICT strategy that sets out its vision for ICT, and how it links into the achievement of the Council s overall strategy. Risks Failure to develop a comprehensive ICT strategy increases the risk that the Council fails to achieve the ICT capabilities required to deliver its overall business strategy. Action plan Finding rating Agreed action Responsible person / title 6

7 Medium The strategy will include the commitment to implementing an Enterprise Architecture governance framework and have the support of the corporate management team. Including this commitment in the ICT strategy would reduce this risk to a low rating. Paul Fleming, Head of Customer Service and Performance Management Comment: The strategy is due to be reviewed in 2015 and the revised strategy will include this commitment. In the meantime, this is recognised as a priority action within the ICT Asset Management Plan, approved by Finance, Policy and Resources Committee. Work is ongoing to develop the framework, through preparing a road map of ICT for the business and its business applications, which will in turn inform the revised strategy. Target date: 31 March

8 3.02 Define the role of the Enterprise Architecture Governance Board Control design deficiency Finding The Enterprise Architecture Governance Board meets on a monthly basis to discuss Enterprise Architecture at the Council and includes representatives from ICT and the Heads of Service from across each of the Council s directorates. At present though the board s role and authority has not been defined within the Council. In developing an Enterprise Architecture governance framework the role and authority of the Enterprise Architecture Governance Board should be defined. Importantly the board should have direct reporting to the Corporate Management Team and in turn be given direct responsibility from the CMT. Giving the Enterprise Architecture Governance Board clear authority over the governance of Enterprise Architecture for the organisation will give it the power to ensure compliance with the Enterprise Architecture principles defined in the framework. Risks The Enterprise Architecture Governance Board does not have the authority to ensure compliance across the organisation with the Enterprise Architecture framework resulting in the Council failing to deliver on its Enterprise Architecture objectives. Action plan Finding rating Agreed action Responsible person / title Medium The role and authority of the Enterprise Architecture Governance Board will be defined as part of the Enterprise Architecture Governance Framework and approved by the Corporate Management Team. The Enterprise Architecture Governance Board will have rules that clearly define its structure, composition and decision making. The Enterprise Architecture Governance Board will have responsibility for monitoring compliance with the Enterprise Architecture Governance Framework and reporting on compliance directly to the Corporate Management Team. Management Comment: The agreed actions are recorded as activities within the project plan for Developing an Enterprise Architecture Framework, currently scheduled for September 2014, subject to limited enterprise Architecture resource availability. Paul Fleming, Head of Customer Service and Performance Target date: 31 October

9 3.03 Establish KPIs and performance monitoring to measure Enterprise Architecture governance compliance across the organisation Control design deficiency Finding Embedding a strong governance culture around Enterprise Architecture is important in ensuring the success of the Enterprise Architecture Governance Framework project. Once the Enterprise Architecture Governance Board has developed a tailored Enterprise Architecture governance framework for the Council the monitoring of performance in complying with the framework will be the next step. Developing a clear set of key performance indicators (KPIs), and embedding Enterprise Architecture governance compliance into employee performance reviews, will help foster a culture of good governance around Enterprise Architecture across the organisation. Risks The Enterprise Architecture governance framework is not embedded within the culture of the Council resulting in the benefits of the project not being obtained and a return to business as usual. Action plan Finding rating Agreed action Responsible person / title Low The Enterprise Architect Governance Board will agree a suite of KPIs, relevant to the organisation, for monitoring performance compliance with the Council s Enterprise Architecture governance framework. The Enterprise Architect will have responsibility for monitoring the KPIs and reporting to the governance board on compliance. The governance board will in turn report on compliance to the Corporate Management Team. Compliance with the Enterprise Architecture governance framework will be considered in employee performance reviews for those employees for whom Enterprise Architecture governance is relevant to their job role. Management Comment: The agreed actions are recorded as activities, and a suggested suite of initial KPIs have been drafted for development and approval as part of the Developing an Enterprise Architecture Framework Project currently scheduled for early Paul Fleming, Head of Customer Service and Performance Target date: 31 March

10 Appendix 1 Basis of our classifications Individual finding ratings Finding rating Assessment rationale Critical A finding that could have a: Critical impact on operational performance; or Critical monetary or financial statement impact; or Critical breach in laws and regulations that could result in material fines or consequences; or Critical impact on the reputation or brand of the organisation which could threaten its future viability. High A finding that could have a: Significant impact on operational performance; or Significant monetary or financial statement impact ; or Significant breach in laws and regulations resulting in significant fines and consequences ; or Significant impact on the reputation or brand of the organisation. Medium A finding that could have a: Moderate impact on operational performance; or Moderate monetary or financial statement impact; or Moderate breach in laws and regulations resulting in fines and consequences; or Moderate impact on the reputation or brand of the organisation. Low A finding that could have a: Minor impact on the organisation s operational performance; or Minor monetary or financial statement impact; or Minor breach in laws and regulations with limited consequences; or Minor impact on the reputation of the organisation. Advisory A finding that does not have a risk impact but has been raised to highlight areas of inefficiencies or good practice. 10

11 Report classifications Findings rating Critical Points 40 points per finding Report classification Low risk Points 6 points or less High 10 points per finding Medium risk 7 15 points Medium 3 points per finding High risk points Low 1 point per finding Critical risk 40 points and over 11

12 Appendix 2 Agreed Terms of reference Background IT Governance has been an area of focus over the year, with the formulation of an ICT strategy and implementation of the Advisory Board as part of the Enterprise Governance Framework which is designed to ensure the Council s Enterprise Architecture remains aligned to the Business and ICT Strategies. The IT governance Advisory Board is made up with representatives from ICT and business areas, with a focus on ensuring that ICT is supporting the needs of the organisation, and providing oversight on ICT management activities. Scope The overall scope of this review will be to consider the design and operating effectiveness of the key controls in relation to IT Governance. The sub-processes and related control objectives included in this review are: Sub-process Objectives ICT Strategy Understand how the ICT strategy has been formulated and linked to the business strategy and agreed. Understand the approach to reviewing and updating the strategy to ensure it continues to address the key objectives. Perform a high-level review of the ICT strategy against best practice to ensure that key areas of focus have been captured. Enterprise Architecture Framework Understand how the Enterprise Architecture Framework has been set up and whether it is in line with good practice. Understand and evaluate the controls in place to ensure the Enterprise Architecture aligns with Business and IT strategy and ICT are delivering the defined benefits to the business. Understand how ICT reports on Governance to ensure sufficient priority, access, clear reporting lines and escalation are embedded in the process. Understand governance controls and reporting in place to ensure ICT is delivering in line with business expectations. 12

13 Limitations of scope The section above sets out the scope of the matters covered within this review. Our review will be conducted based on interviews and controls will be tested on a sample basis in line with PwC internal audit methodology. It is Management s responsibility to develop and maintain sound systems of risk management, internal control and governance and for the prevention and detection of irregularities and fraud. Internal audit work should not be seen as a substitute for Management s responsibilities for the design and operation of these systems. Audit approach Our audit approach is as follows: Obtain an understanding of the key controls in place through discussions with key personnel, and review of supporting governance documentation Identify the key risks relating to IT governance Evaluate the design of the controls in place to address the key risks Test the operating effectiveness of the key controls on a sample basis Key Council Contacts Name Paul Fleming Sandra Massey David McDowell Title Head of Customer Service and Performance Operations Manager ICT Enterprise Architect 13

14 Appendix 3 - Limitations and responsibilities Limitations inherent to the internal auditor s work We have undertaken a review of IT Governance, subject to the limitations outlined below. Internal control Internal control, no matter how well designed and operated, can provide only reasonable and not absolute assurance regarding achievement of an organisation's objectives. The likelihood of achievement is affected by limitations inherent in all internal control systems. These include the possibility of poor judgment in decision-making, human error, control processes being deliberately circumvented by employees and others, management overriding controls and the occurrence of unforeseeable circumstances. Future periods Our assessment of controls relating to IT Governance is as at 14 March Historic evaluation of effectiveness is not relevant to future periods due to the risk that: the design of controls may become inadequate because of changes in operating environment, law, regulation or other; or The degree of compliance with policies and procedures may deteriorate. Responsibilities of management and internal auditors It is management s responsibility to develop and maintain sound systems of risk management, internal control and governance and for the prevention and detection of irregularities and fraud. Internal audit work should not be seen as a substitute for management s responsibilities for the design and operation of these systems. We endeavour to plan our work so that we have a reasonable expectation of detecting significant control weaknesses and, if detected, we shall carry out additional work directed towards identification of consequent fraud or other irregularities. However, internal audit procedures alone, even when carried out with due professional care, do not guarantee that fraud will be detected. Accordingly, our examinations as internal auditors should not be relied upon solely to disclose fraud, defalcations or other irregularities which may exist. 14

15 In the event that, pursuant to a request which Aberdeen City Council has received under the Freedom of Information Act 2000 or the Environmental Information Regulations 2004 (as the same may be amended or re-enacted from time to time) or any subordinate legislation made thereunder (collectively, the Legislation ), Aberdeen City Council is required to disclose any information contained in this document, it will notify PwC promptly and will consult with PwC prior to disclosing such document. Aberdeen City Council agrees to pay due regard to any representations which PwC may make in connection with such disclosure and to apply any relevant exemptions which may exist under the Legislation. If, following consultation with PwC, Aberdeen City Council discloses any this document or any part thereof, it shall ensure that any disclaimer which PwC has included or may subsequently wish to include in the information is reproduced in full in any copies disclosed. This document has been prepared only for Aberdeen City Council and solely for the purpose and on the terms agreed with Aberdeen City Council in our agreement dated 4 October We accept no liability (including for negligence) to anyone else in connection with this document, and it may not be provided to anyone else PricewaterhouseCoopers LLP. All rights reserved. In this document, "PwC" refers to PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom), which is a member firm of PricewaterhouseCoopers International Limited, each member firm of which is a separate legal entity.

Aberdeen City Council IT Asset Management

Aberdeen City Council IT Asset Management Aberdeen City Council IT Asset Management Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

Aberdeen City Council IT Security (Network and perimeter)

Aberdeen City Council IT Security (Network and perimeter) Aberdeen City Council IT Security (Network and perimeter) Internal Audit Report 2014/2015 for Aberdeen City Council August 2014 Internal Audit KPIs Target Dates Actual Dates Red/Amber/Green Commentary

More information

Aberdeen City Council IT Disaster Recovery

Aberdeen City Council IT Disaster Recovery Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates

More information

Aberdeen City Council

Aberdeen City Council Aberdeen City Council Internal Audit Report Final Contract management arrangements within Social Care & Wellbeing 2013/2014 for Aberdeen City Council January 2014 Internal Audit KPI Targets Target Dates

More information

Aberdeen City Council. Fleet Management Final Report

Aberdeen City Council. Fleet Management Final Report Aberdeen City Council Fleet Management Final Report Internal Audit Report 2013/2014 for Aberdeen City Council February 2014 Internal Audit KPI Targets Target Dates Actual Dates Red/Amber/ Green Commentary

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

Oxford City Council Managing Capital Projects

Oxford City Council Managing Capital Projects www.pwc.co.uk Internal Audit Report 2014/2015 August 2015 Oxford City Council Managing Capital Projects Table of Contents 1. Executive Summary... 3 2. Background and scope... 5 3. Detailed findings...

More information

South Northamptonshire Council Contract Assurance: Leisure Contract

South Northamptonshire Council Contract Assurance: Leisure Contract South Northamptonshire Council Contract Assurance: Leisure Contract FINAL Internal Audit Report 2012/2013 January 2013 Contents 1. Executive summary 4 2. Background and scope 5 3. Detailed current year

More information

The end of SAS70 what next for Performance Assurance?

The end of SAS70 what next for Performance Assurance? Enhancing Trust and Transparency The end of SAS70 what next for Performance Assurance? A perspective on transitioning from SAS 70 to ISAE 3402 pwc Enhancing Trust and Transparency 1 Contents What you need

More information

FINANCIAL REPORTING COUNCIL

FINANCIAL REPORTING COUNCIL FINANCIAL REPORTING COUNCIL INTERNAL CONTROL REVISED GUIDANCE FOR DIRECTORS ON THE COMBINED CODE OCTOBER 2005 FINANCIAL REPORTING COUNCIL INTERNAL CONTROL REVISED GUIDANCE FOR DIRECTORS ON THE COMBINED

More information

West Middlesex University Hospital NHS Trust

West Middlesex University Hospital NHS Trust www.pwc.co.uk July 2014 Government and Public Sector West Middlesex University Hospital NHS Trust Annual Audit Letter 2013/14 Audit PricewaterhouseCoopers LLP 7 More London Riverside London SE1 2RT The

More information

Governance and Audit Committee 23 November 2015

Governance and Audit Committee 23 November 2015 Agenda Item 7 Governance and Audit Committee 23 November 2015 Welland Internal Audit Consortium Internal Audit Plan & Performance Update 2015/16 Purpose of report: To provide Members with information on

More information

Payroll Review. Internal Audit Final Report 09_10 1.4. Assurance rating this review. Moderate. Distribution List. Chief Executive - Peter Sloman

Payroll Review. Internal Audit Final Report 09_10 1.4. Assurance rating this review. Moderate. Distribution List. Chief Executive - Peter Sloman Review Internal Audit Final Report 09_10 1.4 Assurance rating this review Moderate Distribution List Chief Executive - Peter Sloman Interim Executive Finance Director Nigel Pursey Heads of Finance - Penny

More information

Governance, Risk and Best Value Committee

Governance, Risk and Best Value Committee Governance, Risk and Best Value Committee 2.00pm, Wednesday 23 September 2015 Internal Audit Report: Integrated Health & Social Care Item number Report number Executive/routine Wards Executive summary

More information

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary

Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Office of the Police and Crime Commissioner for Avon and Somerset and Avon and Somerset Constabulary Internal Audit Report () FINAL Risk Management: Follow Up of Previous Internal Audit Recommendations

More information

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University

Senate. SEN15-P17 11 March 2015. Paper Title: Enhancing Information Governance at Loughborough University SEN15-P17 11 March 2015 Senate Paper Title: Enhancing Information Governance at Loughborough University Author: Information Technology & Governance Committee 1. Specific Decision Required by Committee

More information

Annual Governance Statement 2013/14

Annual Governance Statement 2013/14 31 Annual Governance Statement 2013/14 1. SCOPE OF RESPONSIBILITY ESPO is responsible for ensuring that its business is conducted in accordance with the law and proper standards, and that public money

More information

Bridgend County Borough Council. Corporate Risk Management Policy

Bridgend County Borough Council. Corporate Risk Management Policy Bridgend County Borough Council Corporate Risk Management Policy December 2014 Index Section Page No Introduction 3 Definition of risk 3 Aims and objectives 4 Strategy 4 Accountabilities and roles 5 Risk

More information

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM

Practice Note. 10 (Revised) October 2010 AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM October 2010 Practice Note 10 (Revised) AUDIT OF FINANCIAL STATEMENTS OF PUBLIC SECTOR BODIES IN THE UNITED KINGDOM The Auditing Practices Board (APB) is one of the operating bodies of the Financial Reporting

More information

) ) ) ) ) ) ) ) ) ) ) )

) ) ) ) ) ) ) ) ) ) ) ) 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 PROPOSED AUDITING STANDARD RELATED TO CONFIRMATION AND RELATED AMENDMENTS TO PCAOB STANDARDS ) ) ) ) ) ) ) )

More information

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010

Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 Item 10 Appendix 1d Final Internal Audit Report Performance Management Greater London Authority April 2010 This report has been prepared on the basis of the limitations set out on page 16. Contents Page

More information

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES Ethical Leadership and Corporate Citizenship The board should provide effective leadership based on ethical foundation. that the company

More information

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014 WOOLWORTHS HOLDINGS LIMITED CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 CORPORATE GOVERNANCE PRINCIPLES 2014 This table is a useful reference to each of the King III principles

More information

FRAMEWORK FOR THE PREPARATION OF ACCOUNTS. Best Practice Guidance

FRAMEWORK FOR THE PREPARATION OF ACCOUNTS. Best Practice Guidance FRAMEWORK FOR THE PREPARATION OF ACCOUNTS Best Practice Guidance Revised Edition April 2010 PUBLISHED IN APRIL 2010 THE INSTITUTE OF CHARTERED ACCOUNTANTS OF SCOTLAND This document is published by the

More information

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Professional Development for Engagement Partners Responsible for Audits of Financial Statements (Revised) IFAC Board Exposure Draft August 2012 Comments due: December 11, 2012 Proposed International Education Standard (IES) 8 Professional Development for Engagement Partners Responsible for Audits of Financial

More information

INTERNAL AUDIT FRAMEWORK

INTERNAL AUDIT FRAMEWORK INTERNAL AUDIT FRAMEWORK April 2007 Contents 1. Introduction... 3 2. Internal Audit Definition... 4 3. Structure... 5 3.1. Roles, Responsibilities and Accountabilities... 5 3.2. Authority... 11 3.3. Composition...

More information

Avon & Somerset Police Authority

Avon & Somerset Police Authority Avon & Somerset Police Authority Internal Audit Report IT Service Desk FINAL REPORT Report Version: Date: Draft to Management: 19 February 2010 Management Response: 12 May 2010 Final: 13 May 2010 Distribution:

More information

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating:

Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management. Assurance Rating: Coleg Gwent Internal Audit Report 2014/15 Staff Performance Management Assurance Rating: Distribution List: Final Report Audit Committee Principal Vice Principal, (Resources and Financial Planning)/Director

More information

Report of the Assistant Director Strategy & Performance to the meeting of Corporate Governance & Audit Committee to be held on 20 March 2009.

Report of the Assistant Director Strategy & Performance to the meeting of Corporate Governance & Audit Committee to be held on 20 March 2009. Report to the Corporate Governance & Audit Committee. Report of the Assistant Director Strategy & Performance to the meeting of Corporate Governance & Audit Committee to be held on 20 March 2009. Subject:

More information

Code of Audit Practice

Code of Audit Practice Code of Audit Practice APRIL 2015 Code of Audit Practice Published pursuant to Schedule 6 Para 2 of the Local Audit and Accountability This document is available on our website at: www.nao.org.uk/ consultation-code-audit-practice

More information

Proposed Auditing Standard: Inquiry Regarding Litigation and Claims (Re-issuance of AUS 508)

Proposed Auditing Standard: Inquiry Regarding Litigation and Claims (Re-issuance of AUS 508) EXPOSURE DRAFT ED 27/05 (December 2005) Proposed Auditing Standard: Inquiry Regarding Litigation and Claims Prepared and Issued by the Auditing and Assurance Standards Board Commenting on this Exposure

More information

Police and Crime Commissioner for Staffordshire and Chief Constable of Staffordshire

Police and Crime Commissioner for Staffordshire and Chief Constable of Staffordshire www.pwc.co.uk Government and Public Sector 04/03/2015 Police and Crime Commissioner for Staffordshire and Chief Constable of Staffordshire External Audit Plan 2014/15 Contents Code of Audit Practice and

More information

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES

INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES SD 0880/10 INSURANCE ACT 2008 CORPORATE GOVERNANCE CODE OF PRACTICE FOR REGULATED INSURANCE ENTITIES Laid before Tynwald 16 November 2010 Coming into operation 1 October 2010 The Supervisor, after consulting

More information

Special Purpose Reports on the Effectiveness of Control Procedures

Special Purpose Reports on the Effectiveness of Control Procedures Auditing Standard AUS 810 (July 2002) Special Purpose Reports on the Effectiveness of Control Procedures Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation

More information

RISK MANAGEMENT POLICY

RISK MANAGEMENT POLICY RISK MANAGEMENT POLICY Approved by Governing Authority February 2016 1. BACKGROUND 1.1 The focus on governance in corporate and public bodies continues to increase. It resulted in an expansion from the

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

APPENDIX C. Internal Audit Report South Holland District Council Project Management

APPENDIX C. Internal Audit Report South Holland District Council Project Management APPENDIX C Internal Audit Report South Holland District Council Project Management Date: 20th December 2012 Contents Introduction and Scope 1 Executive Summary Assurance Opinion Key Messages 2 3 Management

More information

UK Corporate Governance Code: Raising the bar on risk management Why this is not business as usual and what you need to do to comply

UK Corporate Governance Code: Raising the bar on risk management Why this is not business as usual and what you need to do to comply www.pwc.co.uk/riskassurance UK Corporate Governance Code: Raising the bar on risk management Why this is not business as usual and what you need to do to comply September 2014 The FRC s amendments to the

More information

APES 320 Quality Control for Firms

APES 320 Quality Control for Firms APES 320 Quality Control for Firms APES 320 Quality Control for Firms is based on International Standard on Quality Control (ISQC 1) (as published in the Handbook of International Auditing, Assurance,

More information

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee Audit Committee Dear Shareholder, We are satisfied that the business has maintained robust risk management and internal controls, supported by strong overall governance processes, and that management have

More information

Corporate Policy and Strategy Committee

Corporate Policy and Strategy Committee Corporate Policy and Strategy Committee 10am, Tuesday, 30 September 2014 Information Governance Policies Item number Report number Executive/routine Wards All Executive summary Information is a key asset

More information

Addressing Disclosures in the Audit of Financial Statements

Addressing Disclosures in the Audit of Financial Statements Exposure Draft May 2014 Comments due: September 11, 2014 Proposed Changes to the International Standards on Auditing (ISAs) Addressing Disclosures in the Audit of Financial Statements This Exposure Draft

More information

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING AN AUDIT OF FINANCIAL STATEMENTS CONTENTS INTERNATIONAL STANDARD ON AUDITING 200 OBJECTIVE AND GENERAL PRINCIPLES GOVERNING (Effective for audits of financial statements for periods beginning on or after December 15, 2005. The Appendix contains

More information

ENTERPRISE RISK MANAGEMENT FRAMEWORK

ENTERPRISE RISK MANAGEMENT FRAMEWORK ROCKHAMPTON REGIONAL COUNCIL ENTERPRISE RISK MANAGEMENT FRAMEWORK 2013 Adopted 25 June 2013 Reviewed: October 2015 TABLE OF CONTENTS 1. Introduction... 3 1.1 Council s Mission... 3 1.2 Council s Values...

More information

STANDING ADVISORY GROUP MEETING

STANDING ADVISORY GROUP MEETING 1666 K Street, NW Washington, D.C. 20006 Telephone: (202) 207-9100 Facsimile: (202)862-8430 www.pcaobus.org STANDING ADVISORY GROUP MEETING BROKER-DEALER AUDIT CONSIDERATIONS JULY 15, 2010 Introduction

More information

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2

PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART I - PRELIMINARY...1 Objective...1 Applicability...2 Legal and Regulatory Provision...2 PART II POLICY REQUIREMENTS...3 Investment and Risk Management Policy...3 Monitoring and Control...5 Roles of

More information

ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014

ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 ESM Management Comments on Board of Auditors Annual Report to the Board of Governors for the period ended 31 December 2014 Dear Chairperson, I would like to thank you for the opportunity to provide management

More information

SARBANES-OXLEY SECTION 404

SARBANES-OXLEY SECTION 404 SARBANES-OXLEY SECTION 404 A TOOLKIT FOR MANAGEMENT AND AUDITORS VOLUME 2 Public Company Accounting Oversight Board The Public Company Accounting Oversight Board (PCAOB) was established by Congress under

More information

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS

INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE CONTENTS INTERNATIONAL STANDARD ON AUDITING 260 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph

More information

Compliance Policy AGL Energy Limited

Compliance Policy AGL Energy Limited Compliance Policy AGL Energy Limited November 2013 Table of Contents 1. About this Document... 3 2. Policy Statement... 4 3. Purpose... 4 4. AGL Compliance Context... 4 5. Scope... 5 6. Objectives... 5

More information

3.6 - REPORT BY THE CHAIRMAN OF THE BOARD OF DIRECTORS ON CORPORATE GOVERNANCE, RISK MANAGEMENT AND INTERNAL CONTROLS

3.6 - REPORT BY THE CHAIRMAN OF THE BOARD OF DIRECTORS ON CORPORATE GOVERNANCE, RISK MANAGEMENT AND INTERNAL CONTROLS RISK FACTORS Report by the Chairman of the Board of Directors on corporate governance, risk management and internal controls Property damage and operating loss insurance Property damage/operating loss

More information

Inquiry Regarding Litigation and Claims

Inquiry Regarding Litigation and Claims Auditing Standard AUS 508 (July 2002) Inquiry Regarding Litigation and Claims Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation Issued by the Australian

More information

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011

SOUTH NORTHAMPTONSHIRE COUNCIL. 11/31 ICT Capacity Management FINAL REPORT. June 2011 SOUTH NORTHAMPTONSHIRE COUNCIL 11/31 ICT Capacity Management FINAL REPORT June 2011 This report and the work connected therewith are subject to the Terms and Conditions of the contract dated 18/06/07,

More information

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting Guidance Corporate Governance Financial Reporting Council September 2014 Guidance on Risk Management, Internal Control and Related Financial and Business Reporting The FRC is responsible for promoting

More information

Revenue Scotland. Risk Management Framework

Revenue Scotland. Risk Management Framework Revenue Scotland Risk Management Framework Contents 1. Introduction... 3 1.1 Overview of risk management... 3 2. Policy statement... 4 3. Risk management approach... 5 3.1 Risk management objectives...

More information

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating:

Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory. Assurance Rating: Coleg Gwent Internal Audit Report 2012/13 Assets and Inventory Assurance Rating: Distribution List: Draft Report: Principal Vice Principal, (Finance, Estates and Information Services) Clerk to the Corporation

More information

Enterprise Risk Management

Enterprise Risk Management Cayman Islands Society of Professional Accountants Enterprise Risk Management March 19, 2015 Dr. Sandra B. Richtermeyer, CPA, CMA What is Risk Management? Risk management is a process, effected by an entity's

More information

Entitlements Management System (EMS) Technology Update Project Health Check Review

Entitlements Management System (EMS) Technology Update Project Health Check Review Entitlements Management System (EMS) Technology Update Project Health Check Review February 2010 Final This report and PricewaterhouseCoopers deliverables are intended solely for the Department of Finance

More information

Audit, Risk and Compliance Committee Charter

Audit, Risk and Compliance Committee Charter 1. Background Audit, Risk and Compliance Committee Charter The Audit, Risk and Compliance Committee is a Committee of the Board of Directors ( Board ) of Syrah Resources Limited (ACN 125 242 284) ( Syrah

More information

States of Jersey Comptroller & Auditor General

States of Jersey Comptroller & Auditor General States of Jersey Comptroller & Auditor General Code of Audit Practice (Prepared under Article 18 of the Comptroller and Auditor General (Jersey) Law 2014) 28 November 2014 Foreword Independent external

More information

Dacorum Borough Council Final Internal Audit Report

Dacorum Borough Council Final Internal Audit Report Dacorum Borough Council Final Internal Audit Report ICT Change Management Distribution list: Chris Gordon Group Manager Neil Telkman - Information, Security and Standards Officer Gary Osler ICT Service

More information

Audit Committee, 20 March 2014. Internal Audit Report Project Management. Executive summary and recommendations. Introduction

Audit Committee, 20 March 2014. Internal Audit Report Project Management. Executive summary and recommendations. Introduction Audit Committee, 20 Internal Audit Report Project Management Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14 Mazars have undertaken a review of arrangements

More information

COMPLIANCE CHARTER 1

COMPLIANCE CHARTER 1 COMPLIANCE CHARTER 1 Contents 1. Compliance Policy Statement... 2 2. Purpose... 2 3. Mission and objective of the Directorate: Compliance... 2 3.1 Mission... 2 3.2 Objective... 3 4. Compliance risk management...

More information

Manchester City Council

Manchester City Council Manchester City Council Accounts Audit Plan 2009/10 18 December 2009 Contents Page 1 Introduction 2 2 Approach and audit risks 3 3 Administration 13 4 Planned outputs 16 Appendices A B IFRS Action Plan

More information

Minutes of the meeting of 30 June 2014

Minutes of the meeting of 30 June 2014 Minutes of the meeting of 30 June 2014 The meeting opened at 10.34. Present: Brian Baverstock, Chair Linda Watt, committee member Andrew Thin, committee member Also present: Boyd McAdam, National Convener/Interim

More information

Integrated Risk Management:

Integrated Risk Management: Integrated Risk Management: A Framework for Fraser Health For further information contact: Integrated Risk Management Fraser Health Corporate Office 300, 10334 152A Street Surrey, BC V3R 8T4 Phone: (604)

More information

Standards for the Professional Practice of Internal Auditing

Standards for the Professional Practice of Internal Auditing Standards for the Professional Practice of Internal Auditing THE INSTITUTE OF INTERNAL AUDITORS 247 Maitland Avenue Altamonte Springs, Florida 32701-4201 Copyright c 2001 by The Institute of Internal Auditors,

More information

Board Charter. May 2014

Board Charter. May 2014 May 2014 Document History and Version Control Document History Document Title: Board Charter Document Type: Charter Owner: Board [Company Secretary] Description of content: Corporate Governance practices

More information

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE

NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE STAATSKOERANT, 19 DESEMBER 2014 No. 38357 3 BOARD NOTICE NOTICE 158 OF 2014 FINANCIAL SERVICES BOARD REGISTRAR OF LONG-TERM INSURANCE AND SHORT-TERM INSURANCE LONG-TERM INSURANCE ACT, 1998 (ACT NO. 52

More information

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010

Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 Report 7 Appendix 1d Final Internal Audit Report Sundry Income and Debtors (inc. Fees and Charges) Greater London Authority February 2010 This report has been prepared on the basis of the limitations set

More information

PRACTICE NOTE 22 THE AUDITORS CONSIDERATION OF FRS 17 RETIREMENT BENEFITS DEFINED BENEFIT SCHEMES

PRACTICE NOTE 22 THE AUDITORS CONSIDERATION OF FRS 17 RETIREMENT BENEFITS DEFINED BENEFIT SCHEMES PRACTICE NOTE 22 THE AUDITORS CONSIDERATION OF FRS 17 RETIREMENT BENEFITS DEFINED BENEFIT SCHEMES Contents Introduction Background The audit approach Ethical issues Planning considerations Communication

More information

INTERNATIONAL STANDARD ON AUDITING 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS CONTENTS INTERNATIONAL STANDARD ON 220 QUALITY CONTROL FOR AN AUDIT OF FINANCIAL STATEMENTS (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Introduction

More information

UNSOLICITED PROPOSALS

UNSOLICITED PROPOSALS UNSOLICITED PROPOSALS GUIDE FOR SUBMISSION AND ASSESSMENT January 2012 CONTENTS 1 PREMIER S STATEMENT 3 2 INTRODUCTION 3 3 GUIDING PRINCIPLES 5 3.1 OPTIMISE OUTCOMES 5 3.2 ASSESSMENT CRITERIA 5 3.3 PROBITY

More information

Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised)

Professional Competence for Engagement Partners Responsible for Audits of Financial Statements (Revised) IFAC Board Exposure Draft December 2013 Comments due: April 17, 2014 Proposed International Education Standard (IES) 8 Professional Competence for Engagement Partners Responsible for Audits of Financial

More information

Agency Board Meeting 28 July 2015

Agency Board Meeting 28 July 2015 SEPA 22/15 Agency Board Meeting 28 July 2015 Report Number: SEPA 22/15 Audit Committee Annual Performance Report 2014-2015 Summary: Risks: Resource and Staffing Implications Equalities: Environmental and

More information

Service Management and ICT Monitoring and Reporting Advisory and Implementation Services

Service Management and ICT Monitoring and Reporting Advisory and Implementation Services Service Management and ICT Monitoring and Reporting Advisory and Implementation Services G-Cloud Service 1 1. An overview of the G-Cloud Service Arcus can assist you with a review and advice on the effectiveness

More information

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter

Board of Directors Meeting 12/04/2010. Operational Risk Management Charter Board of Directors Meeting 12/04/2010 Document approved Operational Risk Management Charter Table of contents A. INTRODUCTION...3 I. Background...3 II. Purpose and Scope...3 III. Definitions...3 B. GOVERNANCE...4

More information

REPORTING ACCOUNTANTS WORK ON FINANCIAL REPORTING PROCEDURES. Financing Change initiative

REPORTING ACCOUNTANTS WORK ON FINANCIAL REPORTING PROCEDURES. Financing Change initiative REPORTING ACCOUNTANTS WORK ON FINANCIAL REPORTING PROCEDURES consultation PAPER Financing Change initiative inspiring CONFIdENCE icaew.com/financingchange ICAEW operates under a Royal Charter, working

More information

Annual Report of Internal Audit 2012/13

Annual Report of Internal Audit 2012/13 Open Decision Item 4 Audit & Governance Committee 19 th June 2013 Annual Report of Internal Audit 2012/13 SYNOPSIS To report on Internal Audit s opinion of the overall adequacy and effectiveness of the

More information

Financial Services Guidance Note Outsourcing

Financial Services Guidance Note Outsourcing Financial Services Guidance Note Issued: April 2005 Revised: August 2007 Table of Contents 1. Introduction... 3 1.1 Background... 3 1.2 Definitions... 3 2. Guiding Principles... 5 3. Key Risks of... 14

More information

Information Commissioner's Office

Information Commissioner's Office Phil Keown Engagement Lead T: 020 7728 2394 E: philip.r.keown@uk.gt.com Will Simpson Associate Director T: 0161 953 6486 E: will.g.simpson@uk.gt.com Information Commissioner's Office Internal Audit 2015-16:

More information

INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION CONTENTS

INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION CONTENTS INTERNATIONAL STANDARD ON AUDITING 230 AUDIT DOCUMENTATION (Effective for audits of financial statements for periods beginning on or after December 15, 2009) CONTENTS Paragraph Introduction Scope of this

More information

The report rated this area Substantial Assurance and made 2 housekeeping recommendations.

The report rated this area Substantial Assurance and made 2 housekeeping recommendations. Audit Committee 21 June 2012 Internal audit report Risk Management review Executive summary and recommendations Introduction Mazars have undertaken a review of Risk Management, in accordance with the internal

More information

Human Services Quality Framework. User Guide

Human Services Quality Framework. User Guide Human Services Quality Framework User Guide Purpose The purpose of the user guide is to assist in interpreting and applying the Human Services Quality Standards and associated indicators across all service

More information

RISK MANAGEMENT AND COMPLIANCE

RISK MANAGEMENT AND COMPLIANCE RISK MANAGEMENT AND COMPLIANCE Contents 1. Risk management system... 2 1.1 Legislation... 2 1.2 Guidance... 3 1.3 Risk management policy... 4 1.4 Risk management process... 4 1.5 Risk register... 8 1.6

More information

Our comments concerning internal control and other significant matters are presented as follows:

Our comments concerning internal control and other significant matters are presented as follows: MANAGEMENT LETTER Board of Directors Indianapolis, Indiana In planning and performing our audit of the consolidated financial statements of TCM International Institute, Inc. and European Evangelistic Society

More information

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 700 THE AUDITOR S REPORT ON FINANCIAL STATEMENTS CONTENTS

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 700 THE AUDITOR S REPORT ON FINANCIAL STATEMENTS CONTENTS INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 700 THE AUDITOR S REPORT ON FINANCIAL STATEMENTS CONTENTS Paragraphs Introduction... 1-4 Basic Elements of the Auditor s Report... 5-26-1 The Auditor

More information

HARLOW COUNCIL PERFORMANCE MANAGEMENT FRAMEWORK

HARLOW COUNCIL PERFORMANCE MANAGEMENT FRAMEWORK HARLOW COUNCIL PERFORMANCE MANAGEMENT FRAMEWORK July 2013 1 P age Contents Page 1.0 Definition 3 2.0 Context 3 3.0 Purpose and aim of the policy 4 4.0 Policy Statement 4 5.0 Framework for Performance Management

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise

More information

Compliance Management Framework. Managing Compliance at the University

Compliance Management Framework. Managing Compliance at the University Compliance Management Framework Managing Compliance at the University Risk and Compliance Office Effective from 07-10-2014 Contents 1 Compliance Management Framework... 2 1.1 Purpose of the Compliance

More information

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012

GUIDANCE NOTE FOR DEPOSIT-TAKERS. Operational Risk Management. March 2012 GUIDANCE NOTE FOR DEPOSIT-TAKERS Operational Risk Management March 2012 Version 1.0 Contents Page No 1 Introduction 2 2 Overview 3 Operational risk - fundamental principles and governance 3 Fundamental

More information

ESKISP6046.02 Direct security architecture development

ESKISP6046.02 Direct security architecture development Overview This standard covers the competencies concerned with directing security architecture activities. It includes setting the strategy and policies for security architecture, and being fully accountable

More information

Fraud Prevention and Deterrence

Fraud Prevention and Deterrence Fraud Prevention and Deterrence Fraud Risk Assessment 2016 Association of Certified Fraud Examiners, Inc. What Is Fraud Risk? The vulnerability that an organization faces from individuals capable of combining

More information

Strategy for regulating defined contribution pension schemes

Strategy for regulating defined contribution pension schemes Strategy for regulating defined contribution pension schemes From April 2015, new pensions legislation came into force which directly affects this strategy. We will consult on any proposed revisions to

More information

The Importance of IT Controls to Sarbanes-Oxley Compliance

The Importance of IT Controls to Sarbanes-Oxley Compliance Hosted by Deloitte, PricewaterhouseCoopers and ISACA/ITGI The Importance of IT Controls to Sarbanes-Oxley Compliance 15 December 2003 1 Presenters Chris Fox, CA Sr. Manager, Internal Audit Services PricewaterhouseCoopers

More information

1.1 Terms of Reference Y P N Comments/Areas for Improvement

1.1 Terms of Reference Y P N Comments/Areas for Improvement 1 Scope of Internal Audit 1.1 Terms of Reference Y P N Comments/Areas for Improvement 1.1.1 Do Terms of Reference: a) Establish the responsibilities and objectives of IA? b) Establish the organisational

More information

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013

Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council. Year ended 31 March 2013 Informing the audit risk assessment Enquiries to those charged with governance Calderdale Council This version of the report is a draft. Its contents and subject matter remain under review and its contents

More information

Preparation of a Rail Safety Management System Guideline

Preparation of a Rail Safety Management System Guideline Preparation of a Rail Safety Management System Guideline Page 1 of 99 Version History Version No. Approved by Date approved Review date 1 By 20 January 2014 Guideline for Preparation of a Safety Management

More information

LUKHANJI MUNICIPALITY PERFORMANCE MANAGEMENT FRAMEWORK

LUKHANJI MUNICIPALITY PERFORMANCE MANAGEMENT FRAMEWORK LUKHANJI MUNICIPALITY PERFORMANCE MANAGEMENT FRAMEWORK INTRODUCTION The Municipal Systems Act, 2000, which requires a municipality to establish a performance management system that is: Commensurate with

More information

Guidance Statement GS 011 Third Party Access to Audit Working Papers

Guidance Statement GS 011 Third Party Access to Audit Working Papers GS 011 (April 2009) Guidance Statement GS 011 Third Party Access to Audit Working Papers Issued by the Auditing and Assurance Standards Board GS 011-1 - GUIDANCE STATEMENT Obtaining a Copy of this Guidance

More information